
Deceptive site ahead - red screen of death

I redesigned a site that was hosted on Dreamhost and registered with GoDaddy. It has been live with no problems since July. Now hosted on Webflow. My client got hacked and someone set up a business hosting account through her name on GoDaddy. Now her site is shut down. I updated the 2 A records and CNAME proxy.ssl.webflow.com on GoDaddy. It has been 24 hrs and still getting this:

I am only versed in Webflow’s simple directions on DNS.
Looking for help and direction on what to do to get the site up again.

Thank you.

Hi Ron,

I have checked the site. I was able to access the site past the warning.

It can take time for the fraud reporting services to update their records that are provided to the various browsers.

I noticed that the site is being served over http and not https.
Make sure you have enabled the SSL within Webflow on your hosting.

You could also set up a redirect so all visits / traffic is pointed to https. (This can have some performance issues, but not major)

If unsure about any of this feel free to ask.

Hope that helps,
Keiran

Here is a picture of the site I accessed:

Thank you Keiran. SSL was set up at the beginning. Will let you know of any other questions.

Ron

@knk…or anyone else…the site is still coming up with that red screen above. I have added the CNAME to GoDaddy DNS page but still getting this on the check:


My client is at her wits end with this (and me) as her site is still down.

Please advise.

Thank you.

Ron

Hey Ron,

I checked the DNS settings on https://www.whatsmydns.net/#CNAME/www.stretchchi.com

The DNS CNAME record is definitely updated.
Without seeing your exact DNS records in GoDaddy it’s hard to know where the issue is.

Happy to investigate/assist further if you want to screen share at some point.

Let me know.

(Not sure what time zone you’re in. I’m in New Zealand, local time of this post is 10:07 am, Wednesday.)

Keiran

You should report a detection problem to Google. This issue is tied to the domain name being hacked. Since you moved it to Webflow, you won’t have that issue.

https://safebrowsing.google.com/safebrowsing/report_error/?hl=en-US

1 Like

Hi Keiran. I spent $100 just to talk to AWS and they did all the checks. A Records and CNAME and IP were all confirmed. They said I had to go through Google Phishing protocol and submit for review. They sent me directions and looks like it is a lot of hoops. My client is working on it on her end also.

Thank you for your offer to screen share! Just may do that.

Gonna see what happens on my client-side, but will let you know.

Thanks again!

Ron

Thank you, webdev. My client and I both filled that out yesterday.

What also perplexes me is the site name w/o www is saying connected. www is showing Issues Detected. But I can’t see my A records on the Hosting page.

DNS propagation delay is affecting the project hosting issue.

I made some requests on your behalf to flush your cached records at some large providers. That will speed it up some. You just have to wait on DNS.

GoDaddy Authoritative DNS Server

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> www.stretchchi.com @ns11.domaincontrol.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35637
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.stretchchi.com. IN A

;; ANSWER SECTION:
www.stretchchi.com. 3600 IN CNAME proxy.ssl.webflow.com.

;; Query time: 26 msec
;; SERVER: 97.74.105.6#53(97.74.105.6)
;; WHEN: Tue Sep 03 18:46:06 EDT 2019


Cloudflare
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> www.stretchchi.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27545
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.stretchchi.com. IN A

;; ANSWER SECTION:
www.stretchchi.com. 2006 IN CNAME proxy.ssl.webflow.com.
proxy.ssl.webflow.com. 60 IN A 18.210.65.103
proxy.ssl.webflow.com. 60 IN A 34.206.147.207
proxy.ssl.webflow.com. 60 IN A 52.21.253.146

;; Query time: 32 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Sep 03 18:49:53 EDT 2019
;; MSG SIZE rcvd: 127

1 Like

Thank you, webdev!! I am sure that will help!

17 hours and my eyes are tired. I missed a quite obvious error. You have an error in your DNS setting for the CNAME. Should be proxy-ssl.webflow.com not proxy.ssl.webflow.com. Head over to GoDaddy and make that fix now.
1 Like
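
An added example, not part of any post in this thread: the propagation checks above confirmed that the CNAME had spread to resolvers, but not that it pointed at the right target. This sketch reads saved `dig` output and compares the CNAME target with the expected value, taken here from the correction in the post above; the function and variable names are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm that a CNAME in saved `dig` output points at the
# expected hosting target, rather than only confirming that it propagated.

# cname_target NAME: read dig output on stdin and print NAME's CNAME target,
# lower-cased and without the trailing dot. Prints nothing if there is none.
cname_target() {
  awk -v name="$1" '
    BEGIN { name = tolower(name); sub(/\.$/, "", name) }
    /^;/ || NF < 5 { next }    # skip dig comment lines and short lines
    {
      owner = tolower($1); sub(/\.$/, "", owner)
      if (owner == name && $3 == "IN" && $4 == "CNAME") {
        target = tolower($5); sub(/\.$/, "", target)
        print target
        exit
      }
    }'
}

# check_cname NAME EXPECTED: returns 0 on match, 1 on mismatch, 2 if no CNAME.
check_cname() {
  cc_got=$(cname_target "$1")
  cc_want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  cc_want=${cc_want%.}
  if [ -z "$cc_got" ]; then
    echo "NO-CNAME  $1"; return 2
  fi
  if [ "$cc_got" = "$cc_want" ]; then
    echo "OK        $1 -> $cc_got"; return 0
  fi
  echo "MISMATCH  $1 -> $cc_got (expected $cc_want)"; return 1
}

# Answer line as quoted in the thread (GoDaddy authoritative server).
THREAD_ANSWER='www.stretchchi.com. 3600 IN CNAME proxy.ssl.webflow.com.'
# Constructed: the same record after the correction given in the thread.
FIXED_ANSWER='www.stretchchi.com. 3600 IN CNAME proxy-ssl.webflow.com.'

printf '%s\n' "$THREAD_ANSWER" | check_cname www.stretchchi.com proxy-ssl.webflow.com || true
printf '%s\n' "$FIXED_ANSWER" | check_cname www.stretchchi.com proxy-ssl.webflow.com
```

Piping live output works the same way, for example from `dig www.stretchchi.com @ns11.domaincontrol.com`, the authoritative query shown earlier in the thread.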

thank you for all your help…will do!

Google DNS, OpenDNS, and Cloudflare DNS are now all updated with the new record. Just a matter of time (short I suspect) and Webflow should show the update as well.

Thank you!! Looking forward to seeing the site again!!

The site is still showing red Deceptive site…Not sure what else I can do.

Wait. You are in the LONG GOOGLE queue. Site is clean so it should happen as soon as someone reviews it. At least you can get through with Firefox :).

Thank you. My client is freaking! Any time range you know of for the LONG GOOGLE queue? I will tell her about Firefox.

Depends on how you reported it and what the issue was. Search console is your best friend in this case. Read and follow the guidelines below.

https://developers.google.com/web/fundamentals/security/hacked/request_review

1 Like

So search console gave me a google verification code google-site-verification=Xty1SOeVle…to put into DNS at the txt @ line…there was a code already there…do I add this line (i.e. two txt @ lines) or do I replace the current code with the new code?

Since you set up a new search console for that site you replace the existing google-site-verification value with the new one. You only want one.

1 Like